On Fri, Apr 16, 2010 at 20:29:25 -0700, Craig White <craigwhite@xxxxxxxxxxx> wrote: > > Clearly no OS is safe from exploit. The most effective security method > employed on Linux is simply not to run as superuser where most Windows > and Macintosh users are running as superuser and the software leaves it > to the user to figure out how to run with less privileges (very possible > but not the typical usage). I disagree. This can help with restoring a system, but is more useful for protecting users from each other than users from malware. User accounts have all of the power needed to replicate malware. User accounts have valuable data (may be private or hard to recreate), where as data owned by root typically isn't. There have historically been a lot of local root exploits on linux systems that allow malware to elevate its privilieges. I think selinux is going to of more use in this area than standard unix file system privileges and having a separate root account. It won't solve all of the problems, but it can help protect users from processes running as themselves. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
